ADN Informatique

IT Engineering Consultant

communication and security

2008-01-22 14:59:59

Securing communication mini How-To

Brief index
1 - Using SSH
2 - Using tunnelling
3 - Using encrypted Oracle connections
4 - Secured applications
4.1 - FTP (FTPS)
4.2 - HTTP (HTTPS)
4.3 - SSH (Secure Shell / Telnet)
5 - Kerberos
6 - Security certificate
7 - Tools to test security scheme
8 - Developer tools
9 - Other network and security tools
10 - Virus and spam detection and blocking
1 - Using SSH

1.0 - What is SSH
SSH is the Secure SHell. It is an encrypted and authenticated channel of communication between two computers.
1.1 - Where to download an SSH client/server
There is a Windows client named PuTTY.
Further links from this page: a list of other Windows software, the SSH source code and the SSL source code.
Another good SSH client package for Windows can be found at ftp://ftp.ssh.com/pub/ssh/
1.2 - Compiling and installing SSH/SSL under Solaris 9/SPARC/GCC

Installing SSL (required by SSH)
First, download the SSL source code from their web site.
Second, gunzip and untar the source package.
Third, configure it, compile it and install it.
Note: you must be root to do the "make install" step.
Those steps look like this:
Go to this URL: http://www.openssl.org/source and download the latest version (0.9.7d was current when this was written; use the version you actually downloaded in the commands below).
Open a shell window and type the following:
BASH> gunzip openssl-0.9.7d.tar.gz
BASH> tar -xvf openssl-0.9.7d.tar
BASH> cd openssl-0.9.7d
BASH> ./Configure solaris-sparcv9-gcc
BASH> make
BASH> make install
Use the solaris64-sparcv9-gcc target instead of solaris-sparcv9-gcc for a 64-bit build.
Installing SSH
First, download the SSH source code from their web site.
Second, gunzip and untar the source package.
Third, configure it, compile it and install it.
Note: you must be root to do the "make install" step.
Those steps look like this:
Go to this URL: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ and download the latest version.
Note: if you want to install under Solaris or Linux, get the version with "p1" at the end; "p" means portable. The versions without it are for OpenBSD only.
Open a shell window and type the following (the bracketed option is optional):
BASH> gunzip openssh-3.8.1p1.tar.gz
BASH> tar -xvf openssh-3.8.1p1.tar
BASH> cd openssh-3.8.1p1
BASH> ./configure --without-zlib-version-check --with-ssl-dir=/usr/local/ssl/ [--build=sparc64]
BASH> make
BASH> make install
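The same build steps as an added example script (this is not from the original page). It checks the tarball before anything is unpacked, against the SHA-256 published beside the OpenSSL download or against the detached PGP signature OpenSSH ships, and only the final install step runs as root. The tarball names are the ones above; the expected checksum is a placeholder you copy from the download site, `su root -c` is an assumption (use sudo if you prefer), and gpg is assumed to already trust the OpenSSH release key.

```shell
#!/bin/sh
# Added example: verify a source tarball, then build it the way the
# page describes. Tarball names are the page's; adjust to your version.
set -eu

# SHA-256 of a file as a lowercase hex string. sha256sum on Linux,
# "openssl dgst" on a box (like old Solaris) that lacks it.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 "$1" | sed 's/^.*= //'
    fi
}

# Compare with the value published next to the download
# (www.openssl.org/source provides a .sha256 file per tarball).
# Non-zero exit on mismatch; nothing gets unpacked in that case.
verify_sha256() {
    file="$1"; expected="$2"
    actual=$(sha256_of "$file")
    [ "$actual" = "$expected" ]
}

# OpenSSH ships a detached .asc signature next to each tarball.
# gpg must already trust the release key: import it from a source
# you trust *before* relying on this check.
verify_pgp() {
    gpg --verify "$1.asc" "$1"
}

# Unpack, configure and compile as an unprivileged user; only the
# last step runs as root, as the page notes.
#   $1 = tarball, $2 = configure script (./config for OpenSSL,
#   ./configure for OpenSSH), remaining args go to that script.
build_and_install() {
    tarball="$1"; configure="$2"; shift 2
    dir=$(basename "$tarball" .tar.gz)
    gunzip -c "$tarball" | tar -xf -
    (
        cd "$dir"
        "$configure" "$@"
        make
        su root -c 'make install'
    )
}

# Usage (not run automatically):
#   verify_sha256 openssl-0.9.7d.tar.gz "<hex from openssl-0.9.7d.tar.gz.sha256>" \
#     && build_and_install openssl-0.9.7d.tar.gz ./Configure solaris-sparcv9-gcc
#   verify_pgp openssh-3.8.1p1.tar.gz \
#     && build_and_install openssh-3.8.1p1.tar.gz ./configure \
#          --without-zlib-version-check --with-ssl-dir=/usr/local/ssl/
```

The point of the script is the order: the checksum or signature is checked on the file you are about to compile, and a mismatch stops the pipeline before `tar` ever runs, so a tampered mirror or a truncated download cannot end up installed as your SSH daemon.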
1.3 - Using SSH in other software
SSH can be integrated into many programs, and some libraries expose it. See the OpenSSH toolkit.
2 - Using tunnelling

2.1 - Starting a tunnel under Windows
First, download and install putty.exe and plink.exe.
Then open a command window (CMD or COMMAND) and run the following command:
plink -L 1234:www.grafsoft.com:80 www.grafsoft.com
and enter your login/password.
This command forwards local port 1234 to the www.grafsoft.com web server on port 80; authentication is done on www.grafsoft.com over SSH. Pointing a browser at http://localhost:1234/ then sends the HTTP traffic through the encrypted tunnel.
2.2 - Starting a tunnel under Unix
ssh -L 1234:elvis.grafsoft.com:23 elvis.grafsoft.com
A telnet to localhost port 1234 then reaches the telnet port of elvis over SSH. The destination host:port is resolved on the SSH server side, so because the server and the destination are the same machine here, the clear-text telnet hop stays on elvis itself and never crosses the network.
2.3 - Auto logon (without being asked for a password)
First, you need to create an identity key that has no passphrase. To do so, log on to the source machine and type:
ssh-keygen -d
You will be prompted for a passphrase; leave it blank.
This creates two files named id_dsa and id_dsa.pub in the .ssh subdirectory of your home directory.
Note: ssh-keygen -d produces a DSA key, which OpenSSH 7.0 and later refuse by default; on a current system generate an Ed25519 key instead (the files are then id_ed25519 and id_ed25519.pub). A key with no passphrase is only as safe as the file it lives in: keep it readable by its owner only, and restrict what it may do on the destination with the authorized_keys options described in sshd(8).
After that, log on to the tunnel destination account and create (if it doesn't exist) a subdirectory named .ssh (yes, a dot precedes ssh). In that subdirectory, create a file named authorized_keys2, open it and copy the content of your local id_dsa.pub into it.
mkdir .ssh
vi .ssh/authorized_keys2
-insert content of local .ssh/id_dsa.pub -
Note: current OpenSSH reads .ssh/authorized_keys (authorized_keys2 is a legacy name it still accepts by default), and with StrictModes (the default) sshd silently ignores the key if your home directory, .ssh or the key file is writable by anyone other than you, so set .ssh to mode 700 and the file to mode 600.
After that, when you log on to the destination you won't be asked for a password.
If you want to create the tunnel without opening a remote shell, simply type:
ssh -N -L 1234:elvis:23 elvis
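The procedure above as an added example script (not code from the original page): it generates a dedicated passphrase-less key, builds an authorized_keys line that lets that key open only this tunnel and nothing else, installs it with the permissions sshd requires, and starts the tunnel in a form that fails loudly instead of prompting or silently running without the forward. Host elvis, port 23 and local port 1234 are the page's; the key path is an assumption, and the authorized_keys options are the standard sshd(8) ones (restrict needs OpenSSH 7.2 or later).

```shell
#!/bin/sh
# Added example: a passphrase-less key that can only open the tunnel
# above, installed the way sshd expects it.
set -eu

# 1. Dedicated Ed25519 key with an empty passphrase (-N ''). The page's
#    "ssh-keygen -d" made a DSA key, refused by default since OpenSSH 7.0.
make_tunnel_key() {
    key="$1"
    [ -f "$key" ] || ssh-keygen -t ed25519 -N '' -C 'tunnel-only' -f "$key"
}

# 2. authorized_keys line limiting what the key may do. Options are
#    processed left to right, so the re-enabling one comes after restrict:
#      restrict              no pty, no agent/X11 forwarding, no forwarding...
#      port-forwarding       ...except port forwarding...
#      permitopen="host:port"   ...and only to this one destination
#      command="/bin/false"  a shell or exec request gets nothing useful
restricted_authorized_line() {
    pubkey="$1"   # one line: the content of the .pub file
    dest="$2"     # host:port the tunnel may reach, e.g. elvis:23
    printf 'restrict,port-forwarding,permitopen="%s",command="/bin/false" %s\n' "$dest" "$pubkey"
}

# 3. Install it on the destination account. With StrictModes (default)
#    sshd ignores the file if ~, ~/.ssh or authorized_keys is writable by
#    group/others; the page's mkdir + vi steps do not guarantee that.
#    Re-running does not add the line twice.
install_authorized_key() {
    home="$1"; line="$2"
    chmod go-w "$home"
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    chmod 600 "$home/.ssh/authorized_keys"
    grep -qxF -- "$line" "$home/.ssh/authorized_keys" \
        || printf '%s\n' "$line" >> "$home/.ssh/authorized_keys"
}

# 4. The tunnel: -N (no remote shell); BatchMode makes ssh fail instead
#    of prompting for a password; ExitOnForwardFailure makes a forward
#    that cannot be set up an error rather than a silent session with
#    no tunnel behind it.
start_tunnel() {
    key="$1"; host="$2"; lport="$3"; dest="$4"
    ssh -i "$key" -N -o BatchMode=yes -o ExitOnForwardFailure=yes \
        -L "$lport:$dest" "$host"
}

# Usage on the source machine (not run automatically):
#   make_tunnel_key ~/.ssh/tunnel_ed25519
#   restricted_authorized_line "$(cat ~/.ssh/tunnel_ed25519.pub)" elvis:23
#   (paste that line into the destination account via install_authorized_key)
#   start_tunnel ~/.ssh/tunnel_ed25519 elvis 1234 elvis:23
```

If the key file is ever copied off the machine, the worst an attacker can do with it is open a forward to elvis:23; they get no shell, no other forwards and no agent, which is the trade-off that makes a passphrase-less key acceptable for an unattended tunnel.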
2.4 - Other on-line tutorials
SSH tunnel how-to: http://www.frozenblue.net/tools/howtos/?v=ssh-tunnel
Encrypted tunnels using SSH and MindTerm: http://www.faqs.org/docs/Linux-HOWTO/MindTerm-SSH-HOWTO.html
Using PuTTY (see 1.1) to create a tunnel between two machines: http://www.gb.nrao.edu/pubcomputing/tunnel-howto.shtml
Retrieving mail via SSH: http://www.ccs.neu.edu/howto/howto-sshtunnel.html
RSTunnel, a tunnel-setting utility: http://sourceforge.net/projects/rstunnel/
2.5 - Tunnelling software
PPTP client for Unix:
http://pptpclient.sourceforge.net/howto-redhat-73.phtml
http://www.bigwebmaster.com/General/Howtos/IP-Masquerade-HOWTO/vpns.html
http://www.impsec.org/linux/masquerade/ip_masq_vpn.html#HOWTO
http://www.impsec.org/linux/masquerade/VPN-howto/VPN-Masquerade.html
Note: the MS-CHAPv2 authentication PPTP normally relies on is known to be breakable, so for new deployments prefer an SSH tunnel (section 2) or an IPsec/TLS-based VPN.
3 - Using encrypted Oracle connections

3.1 - Using a tunnelled connection
Oracle clients connect to the listener on port 1521 (the default). If all you want is an encrypted connection, forward a local port to port 1521 on the database host as in section 2, point the client (its tnsnames.ora entry) at localhost and the local port, and that is it.
3.2 - Using Oracle's own encryption
4 - Secured applications

4.1 - Using secure FTP
4.1.1 - ProFTPD server
A more secure (and much more featureful) FTP daemon is available from http://www.proftpd.org/, and good documentation was linked from here. Note that FTP over TLS (FTPS) is not on by default: the server must be built with the mod_tls module and TLS enabled in proftpd.conf, otherwise logins and data still cross the network in clear text, exactly as with the stock ftpd.
It can be compiled and installed with the following commands:
Note: you must be root to do the "make install" step.
Go to this URL: ftp://ftp.proftpd.org/distrib/source/ and download the latest version.
Open a shell window and type the following:
BASH> gunzip proftpd-1.2.9.tar.gz
BASH> tar -xvf proftpd-1.2.9.tar
BASH> cd proftpd-1.2.9
BASH> ./configure
BASH> make
BASH> make install
It replaces the default FTP server provided by Solaris 9. If the "make install" step fails with a complaint about "chown -h root:root", edit the Makefile, search for "chown -h", and remove the "-h" flag and the ":$xx" group part.
4.1.2 - Secure FTP client (Windows)
You can use the psftp.exe program provided on the PuTTY home page. Note that psftp speaks SFTP (file transfer over an SSH connection), not FTP over TLS, so the server side needs an SSH daemon rather than an FTPS-enabled ftpd.
Berkeley uses another one named SafeTP; more information was linked from here.
4.2 - Using secured HTTP (HTTPS)
4.2.1 - Setting up Apache for HTTPS
See the on-line mini-howto.
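Since the mini-howto is only linked, here is an added example (not from the original page) of the part it covers that section 6.1 below refers back to: creating the private key and a self-signed certificate, checking that the two belong together, and producing the mod_ssl lines for the virtual host. www.example.com, the output directory and the Apache paths are placeholders; the example assumes OpenSSL 1.1.1 or later (for -addext) and Apache 2.4 with mod_ssl.

```shell
#!/bin/sh
# Added example: key + self-signed certificate + mod_ssl virtual host.
set -eu

# Generate a 2048-bit RSA key and a self-signed certificate in one go.
# -subj avoids the interactive prompts; -addext adds the subjectAltName
# that browsers check today (a matching CN alone is not enough).
make_self_signed() {
    out="$1"; cn="$2"; days="${3:-365}"
    mkdir -p "$out"
    (
        umask 077   # key is created owner-readable only; no chmod race
        openssl req -x509 -newkey rsa:2048 -nodes -sha256 \
            -keyout "$out/server.key" -out "$out/server.crt" \
            -days "$days" -subj "/CN=$cn" -addext "subjectAltName=DNS:$cn" \
            2>/dev/null
    )
    chmod 644 "$out/server.crt"   # the certificate is public
}

# The subject, to confirm it matches the ServerName of the VirtualHost.
cert_subject() {
    openssl x509 -in "$1" -noout -subject
}

# Check that key and certificate belong together by comparing the
# public key in each; pairing a regenerated key with an old certificate
# is a classic reason Apache refuses to start.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout | openssl sha256)
    c=$(openssl x509 -in "$2" -pubkey -noout | openssl sha256)
    [ "$k" = "$c" ]
}

# mod_ssl configuration for the virtual host: TLS 1.2 and 1.3 only
# (SSLv2/3 and TLS 1.0/1.1 are disabled).
apache_ssl_vhost() {
    cn="$1"; certdir="$2"
    cat <<EOF
<VirtualHost *:443>
    ServerName $cn
    SSLEngine on
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCertificateFile    $certdir/server.crt
    SSLCertificateKeyFile $certdir/server.key
</VirtualHost>
EOF
}

# Usage (not run automatically):
#   make_self_signed /etc/apache2/ssl www.example.com 365
#   key_matches_cert /etc/apache2/ssl/server.key /etc/apache2/ssl/server.crt
#   apache_ssl_vhost www.example.com /etc/apache2/ssl > /etc/apache2/sites-available/ssl.conf
```

A self-signed certificate is enough to test the setup; browsers will warn until you replace it with one issued by a CA they trust, and `openssl s_client -connect www.example.com:443 -servername www.example.com` shows you which certificate the server actually presents.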
4.3 - SSH (Secure Shell / Telnet)
See section 1.
5 - Kerberos

5.1 - What is Kerberos
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of this protocol is available from the Massachusetts Institute of Technology. Kerberos is also available in many commercial products.
5.2 - Finding documentation
MIT Kerberos homepage
Kerberos FAQ at MIT
GNU Shishi
RFC 1510 (since superseded by RFC 4120)
5.3 - Installing a Kerberos Server
6 - Security certificate

6.1 - Creating a certificate to use with Apache HTTPS
See section 3.0 of the on-line mini-howto on setting up Apache to use HTTPS.

7 - Tools to test security scheme

7.1 - Packet sniffer
DSniff

8 - Developer tools

8.1 - C/C++ protocol libraries
curl/libcurl, a C library to use the FTPS and HTTPS protocols within applications
OpenSSH, an SSH library and set of utility programs, with source code
8.2 - Using curl for secure FTP transactions
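An added example for this section (not from the original page) of driving FTPS with the curl command-line tool: the credentials go in an owner-only netrc file rather than on the command line, and TLS is required rather than merely attempted. Host, user, password and paths are placeholders; curl must be built with TLS support.

```shell
#!/bin/sh
# Added example: FTP over TLS with curl, without leaking the password.
set -eu

# A password on the command line is visible to every local user via ps.
# Write it to a netrc-style file readable only by its owner instead.
write_netrc() {
    file="$1"; host="$2"; user="$3"; pass="$4"
    (umask 077; printf 'machine %s login %s password %s\n' "$host" "$user" "$pass" > "$file")
}

# Options that matter for security:
#   --ssl-reqd   require AUTH TLS and fail if the server cannot do it.
#                The weaker --ssl only *tries* TLS and silently continues
#                in clear text when the server declines.
#   --cacert     trust only this CA for the server certificate; -k would
#                disable certificate checking altogether.
#   --fail       exit non-zero on an FTP error instead of saving the
#                error text as the downloaded file.
ftps_get() {
    netrc="$1"; cacert="$2"; url="$3"; dest="$4"
    curl --netrc-file "$netrc" --ssl-reqd --cacert "$cacert" \
         --fail --silent --show-error -o "$dest" "$url"
}

ftps_put() {
    netrc="$1"; cacert="$2"; src="$3"; url="$4"
    curl --netrc-file "$netrc" --ssl-reqd --cacert "$cacert" \
         --fail --silent --show-error -T "$src" "$url"
}

# Usage (not run automatically; host, CA file and paths are placeholders):
#   write_netrc "$HOME/.netrc-ftp" ftp.example.com alice 's3cret'
#   ftps_get "$HOME/.netrc-ftp" /etc/ssl/company-ca.pem \
#       ftp://ftp.example.com/reports/today.csv today.csv
#   ftps_put "$HOME/.netrc-ftp" /etc/ssl/company-ca.pem \
#       today.csv ftp://ftp.example.com/upload/
```

The same functions work for a server that only speaks plain FTP in one respect: they refuse to talk to it, which is the behaviour you want from a "secure" transfer script.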
9 - Other network tools

9.1 - Tunnelling and VPN
PPTP client/server for Unix
9.2 - Other applications
Using SSH with CVS tools
9.3 - MD5
A simple C++ class that calculates an MD5 sum, written by Laval Bolduc, can be downloaded below:
md5Encoder.cpp and md5Encoder.h
Note that MD5 is no longer collision-resistant: it is fine as a checksum against accidental corruption, but should not be used for signatures, certificate fingerprints or anything where an attacker can choose the input.
10 - Virus and spam detection and blocking

10.1 - Mail processing tools
MailScanner, a Unix open-source mail processing package, can be found at http://spam.abuse.net/adminhelp/mail.shtml and its documentation at http://www.fsl.com/support/
10.2 - Spam detection tools
SpamAssassin can be found at http://www.spamassassin.org/
10.3 - Virus detection tools
An open-source virus scanner called ClamAV can be found at http://clamav.sourceforge.net/